MetaDatabase password Connection string is not encoded (special char escaping) (sqlalchemy uri)

[L0x6]

I am upgrading superset from version 2.0.1 to version 3.0.0 (same issue arises when tested with version 2.1.1)
I m using helm chart 0.10.9 and postgresql is used as metadata database.
When deploying with default passwords (specially the database password), everything works fine.
But when i use a db password containing special character "@" (like p@ssword), deployment ends with error.
It s unable to connect to the database because it's treating the after "@" as the starting of the db hostname.

The same password was used in version 2.0.1 and its working fine

How to reproduce the bug

1. using helm chart values file change the db password to something containing "@" like p@ssword
2. Make sure postgresql is enabled
3. Deploy superset (helm install....)
4. Kubectl get pod
5. See error in all superset containers basically (except for postgresql and redis)

Expected results

Database creation and initialization successful, deployment running without errors

Actual results

Error at DB creation and initialization step
( i think Database connection string is not url encoding or escaping the special characters in the password)

Screenshots

If applicable, add screenshots to help explain your problem.

Environment

• browser type and version: edge (not related i guess)
• superset version: 3.0.0 and 2.1.1
• python version: 3.9
• node.js version: default

Checklist

Yes i did.

• I have checked the superset logs for python stacktraces and included it here as text if there are any.
• I have reproduced the issue with at least the latest released version of superset.
• I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

I went through the commits related to sqlalchemy on superset and i think the problem started after upgrading from sqlalchemy 1.3 to 1.4,
There was so many changes in database uri functions and how it's treating the uri before passing it to engine (postgresql in my case) #19890

[sfirke]

Possibly related: https://docs.sqlalchemy.org/en/14/core/engines.html#escaping-special-characters-such-as-signs-in-passwords

[L0x6]

Yeah i m aware of that, and i tried multiple ways to encode the password (escape all special chars), didn't work
I added an override function to the superset_config.py to recreate the SQL_ALCHEMY_URI with encoding/escaping
I tested woth hardcoded escape (using %40 instead of @)
Still no luck ! Its always decoding and treating @ as the start of db hostname.
I m not sure anymore if this is sqlalchemy problem or superset is not escaping the char properly.

[ramki88]

Related #26029
@L0x6 we have the same issue the superset_app will comeup but init DB will fail as the encoded password is getting decoded in

superset/superset/migrations/env.py

Line 45 in 890bf59

decoded_uri = urllib.parse.unquote(DATABASE_URI)

As a workaround we are using decoded_uri = DATABASE_URI.replace("%", "%%") in line 45

[L0x6]

Thank you ! I ll test it separately then !
Btw, we just changed the password eventually

[sfirke]

Thanks for sharing that fix @ramki88 ! If you see a way to implement an improvement in the Superset codebase, feel free to send a pull request.

[ramki88]

Sure @sfirke. Have raised a PR #26094

[rusackas]

Looks like we're still trying to get this PR across the line. Hopefully it's very close! Thanks @ramki88

[rusackas]

BTW, not sure, but there may be some crossover with this issue somewhere along the line.